package shiro.filter;

import java.io.IOException;
import java.util.HashMap;
import java.util.Map;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.log4j.Logger;
import org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter;

import com.jfinal.kit.JsonKit;

import appbase.utils.HttpResponseKit;
import dshop.AppConst;

public class PermissionFailHandleFilter extends PermissionsAuthorizationFilter {

	private static final Logger log = Logger.getLogger(PermissionFailHandleFilter.class);
	
	 
	
	protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws IOException 
	{
		/*HttpServletRequest httpRequest = (HttpServletRequest)request;
		if (HttpRequestKit.isAjaxRequest(httpRequest)) 
		{
			
		}*/
		
		/*WebUtils.issueRedirect(request, response, "/admin/login");
        return false;*/
        
		HttpServletRequest servletRequest = (HttpServletRequest)request;
		log.info("权限验证失败：sessionId = " + servletRequest.getSession().getId());
		
        Map<String, Object> dataMap = new HashMap<String, Object>();
		
		dataMap.put(AppConst.RESPONSE_KEY_CODE, AppConst.RESPONSE_VALUE_CODE_UNAUTHORITY);
		dataMap.put(AppConst.RESPONSE_KEY_MSG, "没有权限进行该操作");
		
		String json = JsonKit.toJson(dataMap);
		
		HttpResponseKit.writeJson((HttpServletResponse)response, json);
		
		return false;
    }
	
}
